C++ to PB. Headaches, white nights, etc..
Well, the DLL is working, that's cool.
But I'm freaking still not able to ObtainSeDebugPrivilege on e.g. Explorer.exe;
it fails already at OpenProcessToken_().
Inf0byt3's PureAV needs to get access to any process in order to e.g. kill them, and it seems he is not able to on my system.

Still, thank you KarLKoX

Best Henrik
			
			
									
									
Okay
KarLKoX wrote: I tried with explorer and now the privilege is ok but the dll is not mapped to the process ... I tried pausing the thread, injecting the dll and resuming the thread but with no success.

I will continue to search and let you know when I find a solution.
I'm glad/relieved you don't give up so easily, I wouldn't stand a chance here.

.... xplorer and now the privilege is ok
Is it a new source? I messed the last one up so badly, but I can't see the changes in the one I just downloaded. I'll try to mess around some more,
it can only crash my PC.
Thanks KarLKoX
In the ObtainSeDebugPrivilege, change the two
Code:
If GetLastError_() <> #ERROR_SUCCESS
to (for the first)
Code:
If AdjustTokenPrivileges_(hToken, #False, @TokenPrivileges, SizeOf(TOKEN_PRIVILEGES), @PreviousTokenPrivileges, @dwPreviousTokenPrivilegesSize) <= 0
and for the second
Code:
If AdjustTokenPrivileges_(hToken, #False, @PreviousTokenPrivileges, dwPreviousTokenPrivilegesSize, #Null, #Null) <= 0
Okay
Should I drop the
Code:
If GetLastError_() <> #ERROR_SUCCESS
I changed the code as you said, but on my PC it fails here:
Code:
dwPreviousTokenPrivilegesSize = SizeOf(TOKEN_PRIVILEGES)
result = OpenProcessToken_(hProcess, #TOKEN_ADJUST_PRIVILEGES | #TOKEN_QUERY, @hToken)
If result = #False
  PrintN("OpenProcessToken False!")
  ProcedureReturn #False
Else
  PrintN("OpenProcessToken True")
EndIf
with
OpenProcessToken False!
Best Henrik
This is odd, isn't this wrong?
Code:
Procedure DoHook(pid.l,UnHook.b,hFreeModule.l)
... bla
  hProcess = OpenProcess_(#PROCESS_ALL_ACCESS, #False, pid)
  ObtainSeDebugPrivilege(hProcess) ; *** <----- Not pid ***
  ;hProcess = OpenProcess_(#PROCESS_ALL_ACCESS, #False, pid)
...
Procedure ObtainSeDebugPrivilege(hProcess.l)
... bla
  PrintN("hProcess = "+Str(hProcess))
  result = OpenProcessToken_(hProcess, #TOKEN_ADJUST_PRIVILEGES | #TOKEN_QUERY, @hToken)
  If result = #False
    PrintN("OpenProcessToken False")
    ProcedureReturn #False
  Else
    PrintN("OpenProcessToken True  "+Str(result))
  EndIf
The pid for explorer.exe is = 1436 but the hProcess is = 40: now the OpenProcessToken is returning true
AdjustTokenPrivileges seems to return true, but no go?
Best Henrik
The archive was updated with some changes.
About the odd part: read the code well, I never wrote this, but I first set the privilege with the pid; the param for ObtainSeDebugPrivilege is just named hProcess, but the hProcess is the pid.
Btw, it should never work for the pid; this is why, with the modified source, you will see that I use GetCurrentProcess_() instead, to set the privilege on our process, which then should be able to be used on the target process.
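Added example, not part of KarLKoX's archive or of any post in this thread: it enables SeDebugPrivilege on our own process token via GetCurrentProcess_(), as the last post describes, and reads GetLastError_() after AdjustTokenPrivileges_(), because that call returns non-zero even when the privilege was not granted. EnableDebugPrivilege() and #EX_NOT_ALL_ASSIGNED are names assumed for this example.

```purebasic
; Added example: enable SeDebugPrivilege on OUR OWN token and verify the result.
; EnableDebugPrivilege() and #EX_NOT_ALL_ASSIGNED are made-up names (assumptions).
#EX_NOT_ALL_ASSIGNED = 1300 ; value of Win32 ERROR_NOT_ALL_ASSIGNED

; Returns #ERROR_SUCCESS (0) when the privilege is enabled,
; otherwise the Win32 error code of the step that failed.
Procedure.i EnableDebugPrivilege()
  Protected hToken.i, err.i
  Protected tp.TOKEN_PRIVILEGES

  ; The token that gets adjusted is the caller's: pass GetCurrentProcess_(),
  ; not a pid and not a handle to the target process.
  If OpenProcessToken_(GetCurrentProcess_(), #TOKEN_ADJUST_PRIVILEGES | #TOKEN_QUERY, @hToken) = #False
    ProcedureReturn GetLastError_()
  EndIf

  ; Translate the privilege name into the LUID used on this machine.
  If LookupPrivilegeValue_(#Null, "SeDebugPrivilege", @tp\Privileges[0]\Luid) = #False
    err = GetLastError_()
    CloseHandle_(hToken)
    ProcedureReturn err
  EndIf

  tp\PrivilegeCount = 1
  tp\Privileges[0]\Attributes = #SE_PRIVILEGE_ENABLED

  ; A non-zero return only means the call ran. GetLastError_() then holds
  ; ERROR_SUCCESS, or ERROR_NOT_ALL_ASSIGNED when the token does not hold
  ; the privilege at all, so read it in both cases.
  AdjustTokenPrivileges_(hToken, #False, @tp, SizeOf(TOKEN_PRIVILEGES), #Null, #Null)
  err = GetLastError_()
  CloseHandle_(hToken)
  ProcedureReturn err
EndProcedure

If OpenConsole()
  Define status.i = EnableDebugPrivilege()
  Select status
    Case #ERROR_SUCCESS
      PrintN("SeDebugPrivilege enabled for this process")
    Case #EX_NOT_ALL_ASSIGNED
      PrintN("Call returned true, but the token does not hold SeDebugPrivilege")
    Default
      PrintN("Failed, Win32 error " + Str(status))
  EndSelect
  Input()
EndIf
```

The #EX_NOT_ALL_ASSIGNED branch is the "returns true, but no go" case: the account's token (for example a non-elevated or non-administrator one) has no SeDebugPrivilege to enable.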
			
			
									
									


